More Layers, Please

M$ has put many coats of paint on the old barn to secure that other OS but the malware writers have discovered a way to alter the MBR data so that rebooting turns off some of the layers of protection. The result is rootkits on the beloved 64bit “7”. Fortunately, our 64bit machines run Debian GNU/Linux. You need physical access to the machine or root access to alter the MBR with GNU/Linux. That other OS provides the tools by default… The modifications to UAC after the Vista fiasco opened the door to this rootkit. Malware artists have been going through this door since August.

This discovery shows once again that more layers of security applied to that other OS is a temporary defence. The malware artists only need to find one crack in each layer to get in. It is far better to have a logically secure OS from the beginning. The fewer the vulnerabilities at the core of everything the more difficult it is to penetrate from any layer of security. That other OS was designed from the beginning as a single-user system with no networking so security has always had to depend on the layers and not the core. It will always be a step behind the malware artists because painting is a reactive process. The more complex the OS the more difficult it is to paint perfectly. Better to have a core with fewer edges that can be attacked.

The world has paid $billions for licences to use that other OS since August and the result is nothing but pain. It’s value is negative. Here, I have two PCs in classrooms running that other OS. As a precaution I installed Dansguardian to filter our web access and in the first week, it found one instance of malware coming in, from a teacher’s PC running that other OS from a teacherage. It has been a pain in the neck but that one save may have prevented serious problems. The malware was a Trojan running on Java.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.
This entry was posted in Linux in Education, technology. Bookmark the permalink.

3 Responses to More Layers, Please

  1. Ray says:

    I think the best way to see if Linux is truly more secure than windows is to switch market share, and to give it time, We’ll see if Linux is truly better than Windows, or at least more secure.

  2. Things are getting more dangerous. The thing Dansguardian blocked from me was a .jar.

    ls -l /usr/lib/jvm/java-6-openjdk/jre/lib/about.jar
    -rw-r–r– 1 root root 17784 Oct 19 19:48 /usr/lib/jvm/java-6-openjdk/jre/lib/about.jar
    $ java usr/lib/jvm/java-6-openjdk/jre/lib/about.jar
    Exception in thread “main” java.lang.NoClassDefFoundError: usr/lib/jvm/java-6-openjdk/jre/lib/about/jar
    Caused by: java.lang.ClassNotFoundException: usr.lib.jvm.java-6-openjdk.jre.lib.about.jar
    at java.net.URLClassLoader$1.run(URLClassLoader.java:217)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:205)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:321)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:266)
    Could not find the main class: usr/lib/jvm/java-6-openjdk/jre/lib/about.jar. Program will exit.

    Java does not respect the x-bit on .jar files… Java is the executable and it treats the .jar as data. We throw away a lot of security when we use Java. We know it has holes.

  3. Bender says:

    To be fair Robert, you should add that using a limited account or with UAC will render that rootkit unable to run BUT on the other hand the other os creates by default an admin account? And since common joe has no idea about security besides running an av (at best) it will spread. Microsoft has done muchnamage by its lack of basic security principles like running as a normal user BY DEFAULT! and now they try to fix that with an UAC bandaid while common user is still clueless as they have ever been, that’s why i have no problems charging people premium for their ignorance. It’s funny that simplemthing like execute bit can make such difference. In GNU/Linux the user would have to know how to makema file executable 😀 then he wouldnhave to run it with sudo privileges but thatmaction doesn’t make the os bad as it is users fault. If i am not mistaken that execute bit is connected with the read flag at that other os though it can be tweaked but someone tell me how many users will do that and if it is even possible with editions for users? All in all i locked my mothers pc with selinux tight anyway and even though this is crappy 2.4 GHz celeron and has only 512 MB of ram it happily runs with KDE with no hickups at all. I’d like that other os match the security and lack of bloat.

Leave a Reply